Nokia/Withings API returning 342

Question

I am trying to invoke Nokias Get Body Measures api

https://api.health.nokia.com/measure?action=getmeas

Today, I have followed all the steps at https://developer.health.nokia.com/api but at the end of it i get the below mentioned 342 error

{"status":342,"error":"The signature (using Oauth) is invalid"}

--- EDIT ---- I need to build api for Get Body Measures API ( https://developer.health.nokia.com/api/doc#api-Measure-get_measure )

Nokia apis uses OAuth 1.0. I have the consumer key, secret & user auth token & secret keys.

Below is the code i use to generate OAuth Signature but nokia apis complain that it is invalid.

I am not sure whats wrong in below mentioned code.. Please Help!

Thanks

---

package org.nokia.oauth.OAuthSignature;

import java.io.IOException;

import java.io.InputStream;

import java.io.UnsupportedEncodingException;

import java.net.URI;

import java.net.URISyntaxException;

import java.net.URLEncoder;
import java.security.InvalidKeyException;

import java.security.NoSuchAlgorithmException;

import java.util.ArrayList;

import java.util.List;


import javax.crypto.Mac;

import javax.crypto.SecretKey;

import javax.crypto.spec.SecretKeySpec;


import org.apache.commons.codec.binary.Base64;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;

public class OAuthSignatureGenerator {

    private static String key = "___";
    private static String secret = "___";


    private static final String HMAC_SHA1 = "HmacSHA1";

    private static final String ENC = "UTF-8";

    private static Base64 base64 = new Base64();

    public static void main()
            throws Exception {

    String nonce = genNonce(32);

        List<NameValuePair> qparams = new ArrayList<NameValuePair>();
        qparams.add(new BasicNameValuePair("action", "getmeas"));
        qparams.add(new BasicNameValuePair("oauth_consumer_key", key));
        qparams.add(new BasicNameValuePair("oauth_nonce", "" +nonce));
        qparams.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
        qparams.add(new BasicNameValuePair("oauth_timestamp", "" + (System.currentTimeMillis() / 1000)));
        qparams.add(new BasicNameValuePair("oauth_token","***********"));

        qparams.add(new BasicNameValuePair("oauth_version", "1.0"));

        qparams.add(new BasicNameValuePair("userid","************"));



        String url = "http://api.health.nokia.com/measure";


    StringBuilder base = new StringBuilder();
        base.append("GET&");
        base.append(URLEncoder.encode(url, ENC));
        base.append("&");
        base.append(URLEncoder.encode(URLEncodedUtils.format(qparams, ENC), ENC));

        String sign = sign(base.toString());

    List<NameValuePair> qparams1 = new ArrayList<NameValuePair>();
    qparams1.add(new BasicNameValuePair("action", "getmeas"));
        qparams1.add(new BasicNameValuePair("oauth_consumer_key", key));
        qparams1.add(new BasicNameValuePair("oauth_nonce", "" + nonce));
        qparams1.add(new BasicNameValuePair("oauth_signature",URLEncoder.encode(new1,ENC)));

        qparams1.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
        qparams1.add(new BasicNameValuePair("oauth_timestamp", "" + (System.currentTimeMillis() / 1000)));
        qparams1.add(new BasicNameValuePair("oauth_token","4995c0d05916b42f3e260554dd825bc3740997067ec223e7e81eb3b2dc36"));

        qparams1.add(new BasicNameValuePair("oauth_version", "1.0"));
        qparams1.add(new BasicNameValuePair("userid","10964064"));

        ub.addParameters(qparams1);
        URLEncodedUtils.format(qparams, ENC), null);
        URI uri = ub.build();
        System.out.println("URL with OAuth signature => "
                + uri.toString());
    }





    public static String sign(String signatureBaseString) {
        try {
          Mac mac = Mac.getInstance(HMAC_SHA1);
          String oauth_token = "****";
            byte[] keyBytes = (secret + "&" + oauth_token ).getBytes("UTF-8");

            SecretKey key = new SecretKeySpec(keyBytes, HMAC_SHA1);
          mac.init(key);
          byte[] text = signatureBaseString.getBytes("UTF-8");
          byte[] signatureBytes = mac.doFinal(text);
          signatureBytes = Base64.encodeBase64(signatureBytes);
          String signature = new String(signatureBytes, "UTF-8");


            System.out.println("signature base: " + signatureBaseString);
            System.out.println("signature: " + signature);


          return signature;
        }
        catch (NoSuchAlgorithmException e) {
          throw new IllegalStateException(e);
        }
        catch (InvalidKeyException e) {
          throw new IllegalStateException(e);
        }
        catch (UnsupportedEncodingException e) {
          throw new RuntimeException(e);
        }
    }

    public static String genNonce(int length) {
    String text = "";
    String possible =  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    for(int i =0 ; i < length;i++) {
      text += possible.charAt((int)Math.floor(Math.random() * possible.length()));
    }

    return text;
    }
    }

Answer 1

After few more grey hair, i found the issue!! The issue was that i was encoding the oauth signature & when used in the url it was getting encoded again, hence the issue

//qparams1.add(new BasicNameValuePair("oauth_signature",URLEncoder.encode(new1,ENC)));

qparams1.add(new BasicNameValuePair("oauth_signature","new1"));

The above mentioned change solved the issue.

However, I have new issue adding filters to this api. This api has multiple filters as mentioned below & when i add them i get back to 342 Oauth error

{"status":342,"error":"The signature (using Oauth) is invalid"}

// filters for start & end date and measure type
qparams1.add(new BasicNameValuePair("startdate", "1394444124"));
qparams1.add(new BasicNameValuePair("enddate", "1514764800"));
qparams1.add(new BasicNameValuePair("meastype", "1"));

I have tried all combinations of adding this parameters while generating signatures, excluding them from signature gen string. But no luck.

Please help me out here...

I am not sure how to contact nokia folks!

Answer 2

I do not really know what the problem is with your code. But I can share my code which does the same thing and works.I use

consumer.sign(uri)

from the signpost library to sign the GET request. This code might be a litte bit hacky.

import oauth.signpost.OAuthConsumer;
import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer;
import oauth.signpost.exception.OAuthCommunicationException;
import oauth.signpost.exception.OAuthExpectationFailedException;
import oauth.signpost.exception.OAuthMessageSignerException;
import oauth.signpost.http.HttpRequest;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

public class HealthRequests {

    private String consumer_key,consumer_secret, access_token, access_secret, uri,signed_uri  ;

    OAuthConsumer consumer;

    private HttpClient httpclient;
    private HttpGet httpget;


    public HealthRequests(){
        this.consumer_key = APIKeys.consumer_key;
        this.consumer_secret = APIKeys.consumer_secret;
        this.access_token = APIKeys.access_token;
        this.access_secret= APIKeys.access_token_secret;

        this.uri = "https://api.health.nokia.com/measure?action=getmeas";
        this.signed_uri = null;

        this.consumer = new CommonsHttpOAuthConsumer(consumer_key,consumer_secret);

        this.httpclient = HttpClientBuilder.create().build();
        this.httpget = new HttpGet(uri);

        consumer.setTokenWithSecret(access_token, access_secret);
    }




    // String startDate,String endDate,String lastUpdate
    public void getBodyMeasures () throws IOException {

        signURL();

        request();
    }

    public void getBodyMeasures (long lastUpdate) throws IOException {

        this.consumer.setTokenWithSecret(access_token, access_secret);

        this.uri+= "&lastupdate="+lastUpdate;

        this.signURL();

        this.request();
    }

    public void getBodyMeasures (long startDate, long endDate) throws IOException {

        this.consumer.setTokenWithSecret(access_token, access_secret);

        this.uri += "&startdate="+startDate+"&enddate="+endDate;

        this.signURL();

        this.request();
    }


    private void signURL(){

        try {
            this.signed_uri = consumer.sign(uri);
            this.httpget = new HttpGet(signed_uri);
        } catch (OAuthMessageSignerException ex) {
            Logger.getLogger(HttpRequest.class.getName()).log(Level.SEVERE,       null, ex);
        } catch (OAuthExpectationFailedException ex) {
            Logger.getLogger(HttpRequest.class.getName()).log(Level.SEVERE, null, ex);
        } catch (OAuthCommunicationException ex) {
            Logger.getLogger(HttpRequest.class.getName()).log(Level.SEVERE, null, ex);
        }

    }

    private void request () throws IOException{
        HttpResponse response = httpclient.execute(httpget);
        System.out.println(response.getStatusLine().toString());
        HttpEntity entity = response.getEntity();
        System.out.println();
        System.out.println(EntityUtils.toString(entity));
    }
}